ALE Flow Customization
Network filtering at the Application Layer Enforcement (ALE) layers of the Windows Filtering Platform (WFP) can be customized by adding filters with specific classify options.
To block inbound traffic based on outbound multicast or broadcast states, add a filter that authorizes outbound multicast and broadcast traffic and that has the FWP_CLASSIFY_OPTION_MULTICAST_STATE option set to FWP_OPTION_VALUE_DENY_MULTICAST_STATE.
To add response packets from different peers to the same ALE flow, add a filter that has the FWP_CLASSIFY_OPTION_LOOSE_SOURCE_MAPPING option set to FWP_OPTION_VALUE_ENABLE_LOOSE_SOURCE_MAPPING.
See Using Classify Options for code sample.
To modify the idle timeout values for an ALE flow, add a filter that has the FWP_CLASSIFY_OPTION_MCAST_BCAST_LIFETIME option and/or the FWP_CLASSIFY_OPTION_UNICAST_LIFETIME option set to the desired idle timeout value.
See Using Classify Options for a code sample.
- Application Layer Enforcement (ALE)
- ALE Layers
- ALE Stateful Filtering
- ALE Multicast/Broadcast Traffic
- ALE Reauthorization
- Using Classify Options